访问数据流
10.3.20.106(用户IP)--> 10.3.20.14(代理1) --> 10.3.20.51 (代理2)--> 10.3.20.54(代理3) --> getRealip.php(部署在 代理3)
nginx.conf log_format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
getRealip.php 代码
# cat /usr/share/nginx/html/getRealip.php
<?php
$ip = $_SERVER['REMOTE_ADDR'];
echo $ip;
?>
10.3.20.14(代理1)配置
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://10.3.20.51;
proxy_set_header X-Real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
10.3.20.51 (代理2)配置
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://10.3.20.54;
proxy_set_header X-Real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
10.3.20.54(代理3)配置(没有配置 http_realip_module)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
index index.php index.html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
location = /getRealip.php {
fastcgi_pass unix:/var/run/phpfpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
访问 http://10.3.20.14/getRealip.php 的情况(注意日志记录第一个字段(remote_addr )最后一个字段(http_x_forwarded_for)的变化)
// 10.3.20.14(代理1)
10.3.20.106 - - [06/Jul/2018:09:26:56 +0800] "GET /getRealip.php HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" "-"
// 10.3.20.51 (代理2)
10.3.20.14 - - [06/Jul/2018:09:26:43 +0800] "GET /getRealip.php HTTP/1.0" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" "10.3.20.106"
//10.3.20.54(代理3)
10.3.20.51 - - [06/Jul/2018:09:26:42 +0800] "GET /getRealip.php HTTP/1.0" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" "10.3.20.106, 10.3.20.14"
// 10.3.20.54(代理3)没使用 http_realip_module 模块时,访问 http://10.3.20.14/getRealip.php 的结果 --> 10.3.20.51
10.3.20.54(代理3)配置使用 http_realip_module 模块
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
index index.php index.html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
location = /getRealip.php {
set_real_ip_from 10.3.20.51;
set_real_ip_from 10.3.20.54;
set_real_ip_from 10.3.20.14;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
fastcgi_pass unix:/var/run/phpfpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
访问 http://10.3.20.14/getRealip.php 的情况(注意日志记录第一个字段(remote_addr )最后一个字段(http_x_forwarded_for)的变化)
10.3.20.14(代理1)
10.3.20.106 - - [06/Jul/2018:09:51:07 +0800] "GET /getRealip.php HTTP/1.1" 200 21 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" "-"
10.3.20.51 (代理2)
10.3.20.14 - - [06/Jul/2018:09:50:54 +0800] "GET /getRealip.php HTTP/1.0" 200 11 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" "10.3.20.106"
10.3.20.54(代理3)
10.3.20.106 - - [06/Jul/2018:09:50:54 +0800] "GET /getRealip.php HTTP/1.0" 200 11 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" "10.3.20.106, 10.3.20.14"
10.3.20.54(代理3)使用 http_realip_module 模块时,访问 http://10.3.20.14/getRealip.php 的结果 --> 10.3.20.106
